Internet, E Mail and
Electronic Communication Policy
This policy is twenty-three (23) pages in length, is compliant with all recent legislation (SOX, HIPAA, Patriot Act, and Sensitive information), and covers:
- Appropriate use of equipment
- Internet access
- Electronic Mail
- Retention of e-mail on personal systems
- E-mail and business records retention
- Copyrighted materials
- Banned activities
- Ownership of information
Included with the policy are forms that can be used to facilitate the implementation of the policy. Included are these ready to use forms:
- Internet & Electronic Communication Employee Acknowledgement (short form)
- E-Mail - Employee Acknowledgement (short form)
- Internet Use Approval Form
- Internet Access Request Form
- Security Access Application Form
The WORD template uses the latest CSS style sheet and can easily be modified to conform to the style used in your enterprise policy manual.
Latest Policy News
Information risk management defined
April 14th, 2015
The components of this IT Management suite are all ready to use as soon as you download them.
There is both an individual license for each item and an enterprise license, which allows you to place the product on your enterprise's INTRANET (not INTERNET), where it can be shared by groups / divisions / data centers within a single Country / DUNS number.
Information risk management involves eight steps:
- Identify all the assets that contain or transmit the information you are trying to protect. It may be PII (personal identification information), PHI (protected health information), PCI (payment card information), or any other proprietary or sensitive information important to the business. Those information assets include not only applications but the media that contains those applications, such as servers, back-up tapes, desktops, laptops, and thumb drives.
- Identify threats to those assets. There are typically four categories for threats: environmental (floods, lightning, fires), structural (infrastructure or software failure), accidental (uninformed or careless users), and adversarial (hackers, malicious insiders).
- Identify the vulnerabilities to those assets. For example, no data backup, no encryption, weak passwords, no remote wipe, no surge protection, no training, no access management, no firewalls, no business continuity plans.
- Determine the probability of each threat exploiting every vulnerability. What makes this step particularly hard (in addition to the volume) is the lack of specific data to support a calculable percentage of likelihood. Some organizations use a simple high/medium/low ranking. But there are many metrics for assessing likelihood, including industry breach statistics, data-type breach statistics, data loss statistics by cause, industry complaint statistics, the breach and/or complaint history of your own organization, and the details of any security or privacy incidents.
- Determine the potential impact on your organization. There are many methods for determining the impact, the easiest being the $200 per breached record as annually determined by the Ponemon Research Institute, or calculating the cost more specifically for your organization using the free Excel model on the ANSI website, which provides values for a variety of cost variables involved in a breach. Basically the costs include: remediation (the cost of the control/safeguard that should have been put in before the breach) plus mitigation, remuneration, legal costs, fines or penalties, business distraction, and reputational costs.
- Generate a risk-rating list, with high likelihood/high impact risks at the top, low likelihood/low impact risks at the bottom, and everything else in between.
- Find solutions and determine costs for all risks that have scored above the organization's risk tolerance line.
- Reach a decision on the risk treatment. Let's take, for example, lost or stolen laptops as the risk, which represents about 20% of the health-care breaches listed on the Health and Human Services websites. An unencrypted laptop used in the field could be considered high risk, depending on what safeguards (other than encryption) are in place. The risk can be accepted, transferred (for example, outsourced to clinician group firms), avoided (no more laptops in the field), or mitigated (extra-strong passwords, remote wipe, tracking software, and so on).
BYOD is a challenge for government CIOs
March 19th, 2015
The recent incident with the past Secretary of State highlights the fact that during the past few years, many government agencies have been challenged with balancing the hype surrounding bring-your-own-device (BYOD) programs with legitimate opportunities to use BYOD to empower employees and enhance productivity.
While the excitement around BYOD grew and then receded across the broader market, government decision-makers have always viewed it with greater caution, with far fewer prioritizing BYOD among their technology initiatives. Our discussions with government stakeholders responsible for evaluating and implementing BYOD programs highlight opportunities to deploy BYOD for specific use cases and selected users such as administrative employees, emergency responders, and temporary personnel. CIOs must provide guidance in defining the appropriate BYOD programs and address key concerns related to security issues and union employee adoption.
35 high risk IT projects identified by GAO
February 13th, 2015
35 high risk IT projects have been identified by the GAO in a recent audit of federal IT projects. They fall in the following six areas, which cover the breadth of the entire federal government:
- Government infrastructure Improvement projects
- Transforming DOD Program Management
- Ensuring Public Safety and Security
- Managing Federal Contracting More Effectively
- Assessing the Efficiency and Effectiveness of Tax Law Administration
- Modernizing and Safeguarding Insurance and Benefit Programs
CIO IT Infrastructure Policy Bundle (more info...) All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable
- Backup and Backup Retention Policy (more info...)
- Blog and Personal Web Site Policy (more info...) Includes electronic Blog Compliance Agreement Form
- BYOD Policy Template (more info...) Includes electronic BYOD Access and Use Agreement Form
- Google Glass Policy Template (more info...) Includes electronic Google Glass Access and Use Agreement Form
- Incident Communication Plan Policy (more info...) Updated to include social networks as a communication path
- Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy (more info...) Includes 5 electronic forms to aid in the quick deployment of this policy
- Mobile Device Access and Use Policy (more info...)
- Patch Management Policy (more info...)
- Outsourcing and Cloud Based File Sharing Policy (more info...)
- Physical and Virtual Security Policy (more info...)
- Record Management, Retention, and Destruction Policy (more info...)
- Sensitive Information Policy (more info...) HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form
- Service Level Agreement (SLA) Policy Template with Metrics (more info...)
- Social Networking Policy (more info...) Includes electronic form
- Telecommuting Policy (more info...) Includes 3 electronic forms to help to effectively manage work at home staff
- Text Messaging Sensitive and Confidential Information (more Info...)
- Travel and Off-Site Meeting Policy (more info...)
- IT Infrastructure Electronic Forms (more info...)
Campus security driven by last year's events
January 14th, 2015
In the past year, we've seen a number of trends emerge in campus security at both the higher education and K-12 level, as U.S. school districts and universities enhance their security measures. On the K-12 level, much of this activity is being driven by the tragic shootings at Sandy Hook Elementary School and other similar events. In higher education, the Clery Act continues to be one of the primary drivers of change. Both education segments and analyze the most significant security trends taking place in each.
Security Manual Template
Policy and Procedure Manual
Compliance Management Made Easy
ISO 27000 / HIPAA / SOX / CobiT / FIPS 199 Compliant
Supports Meaningful Use Compliant Stage Implementation
Includes PCI DSS Audit Program
Many organizations fail to realize the benefits of security information management due to the often exhaustive financial and human resource costs of implementing and maintaining the software. However, Janco's Security Manual Template - the industry standard - provides the infrastructure tools to manage security, make smarter security decisions and respond faster to security incidents and compliance requests within days of implementation. The template provides a framework for evaluating SIM services and shows how they could be applied within your organization.
Even with improved IT job market layoffs continue - 600 at Qualcomm
December 10th, 2014
Qualcomm is laying off roughly 600 employees worldwide, as it plans to refocus its business into new areas, a company spokesperson confirmed to CNET on Tuesday.
Qualcomm said 300 employees would be cut in California, where the company has its San Diego headquarters and several other offices. A "similar number" of international employees will also be laid off. At the end of September, Qualcomm had about 31,300 full-time, part-time and temporary employees, up about 300 from the year earlier, according to regulatory filings.
CIO concerns when creating business continuity plans
November 27th, 2014
Disasters Happen - Business Continuity Disaster Recovery. How do you balance the business continuity disaster recovery risk and investment equation? Is the potential risk greater than the investment? The facts are: 43% of companies experiencing disasters never reopen, and 29%
Disaster Planning has been impacted by Ebola
October 23rd, 2014
Ebola shows how exotic threats filed in the "it will never happen" folder can impact anyone and cause major disruption.
Another such threat is from solar flares traveling from the sun to the earth, which contain massive amounts of energy and can disrupt electronic systems. A man-made high-altitude electromagnetic pulse could be just as devastating as solar storms.
The question for business continuity managers is how can we prepare for these events? Is it possible to build a business continuity and/or disaster recovery plan that addresses a long-term power outage and inability to operate most electronic devices?
Cloud Computing shifts computing model for many corporations
September 3rd, 2014
Cloud computing, specifically Infrastructure-as-a-Service, has shifted from a new but unproven approach to an accepted, even inevitable, model. Driven by flexibility and efficiency, the question facing most organizations is not whether the cloud is part of their infrastructure plans, but which applications and workloads to move to the cloud and when. But even as the benefits of cloud and hosted models have become apparent, concerns persist about security, and an assumption lingers that the cloud is inherently less secure than an enterprise data center environment.
Infrastructure updates planned for 2015 by CIOs
August 19th, 2014
- Legacy systems need to be able to be accessed via the cloud and be available for BYOD
- Bridge the gap between the IT application infrastructure and security compliance requirements
- Focus on gaining competitive advantages and improving productivity at the same time
New Net Neutrality Rules Will Increase the Size of the FCC
April 24th, 2014
The U.S. Federal Communications Commission (FCC) proposed new rules for net neutrality that will increase the federal bureaucracy and government oversight of the internet.
The FCC proposed new net neutrality rules that will allow broadband providers to charge companies like Netflix for preferential traffic management, according to a news report.
The FCC's proposal would prohibit broadband providers from slowing down or blocking traffic to specific websites, but allow them to give some traffic preferential treatment based on commercially reasonable terms. The FCC would determine what's commercially reasonable on a case-by-case basis.
You can get all of Janco's templates in its IT Management Suite. When you do that you save over $2,500 and when implemented your enterprise is positioned to have a "WORLD CLASS" Information Technology function. You will be in compliance with all mandated requirements including all US and International requirements.
- IT Management Suite (CIO and CTO Special offer) - Save over $2,500